'\" t
.\"     Title: IPSEC_RANBITS
.\"    Author: Paul Wouters
.\" Generator: DocBook XSL Stylesheets v1.77.1 <http://docbook.sf.net/>
.\"      Date: 12/16/2012
.\"    Manual: Executable programs
.\"    Source: libreswan
.\"  Language: English
.\"
.TH "IPSEC_RANBITS" "8" "12/16/2012" "libreswan" "Executable programs"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
ipsec_ranbits \- generate random bits in ASCII form
.SH "SYNOPSIS"
.HP \w'\fBipsec\fR\ 'u
\fBipsec\fR \fIranbits\fR [\-\-quick] [\-\-continuous] [\-\-bytes] \fInbits\fR
.SH "DESCRIPTION"
.PP
\fIRanbits\fR
obtains
\fInbits\fR
(rounded up to the nearest byte) high\-quality random bits from
\fBrandom\fR(4), and emits them on standard output as an ASCII string\&. The default output format is
\fBdatatot\fR(3)
\fBh\fR
format: lowercase hexadecimal with a
\fB0x\fR
prefix and an underscore every 32 bits\&.
.PP
The
\fB\-\-quick\fR
option produces quick\-and\-dirty random bits: instead of using the high\-quality random bits from
/dev/random, which may take some time to supply the necessary bits if
\fInbits\fR
is large,
\fIranbits\fR
uses
/dev/urandom, which yields prompt results but lower\-quality randomness\&.
.PP
The
\fB\-\-continuous\fR
option uses
\fBdatatot\fR(3)
\fBx\fR
output format, like
\fBh\fR
but without the underscores\&.
.PP
The
\fB\-\-bytes\fR
option causes
\fInbits\fR
to be interpreted as a byte count rather than a bit count\&.
.SH "FILES"
.PP
/dev/random, /dev/urandom
.SH "SEE ALSO"
.PP
\fBipsec_datatot\fR(3),
\fBrandom\fR(4)
.SH "HISTORY"
.PP
Written for the Linux FreeS/WAN project <\m[blue]\fBhttp://www\&.freeswan\&.org\fR\m[]> by Henry Spencer\&.
.SH "BUGS"
.PP
There is an internal limit on
\fInbits\fR, currently 20000\&.
.PP
Without
\fB\-\-quick\fR,
\fIranbits\fR\*(Aqs run time is difficult to predict\&. A request for a large number of bits, at a time when the system\*(Aqs entropy pool is low on randomness, may take quite a while to satisfy\&.
.PP
Though not a bug of ranbits, the direct use of
\fI/dev/hw_random\fR, the Linux hardware random number generator is not supported because it can produce very non\-random data\&. To properly use
\fI/dev/hw_random\fR, the
\fIrngd\fR
daemon should be used to read from
\fI/dev/hw_random\fR
and write to
\fI/dev/random\fR, while performing a FIPS test on the hardware random read\&. No changes to Libreswan are required for this support \- just a running
\fIrngd\fR\&.
.SH "AUTHOR"
.PP
\fBPaul Wouters\fR
.RS 4
placeholder to suppress warning
.RE
